1 / 16

RSVP Cryptographic Authentication

RSVP Cryptographic Authentication. F.Baker, B.Lindell, M.Talwar. January 2000, IETF (Internet Engineering Task Force) RFC 2747.

dea
Télécharger la présentation

RSVP Cryptographic Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RSVP Cryptographic Authentication F.Baker, B.Lindell, M.Talwar. January 2000, IETF (Internet Engineering Task Force) RFC 2747 "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism to protect RSVP message integrity hop by hop." - RFC 2747 Presented by: Colin Coghill September, 2000.

  2. Contents * What is RSVP? When might we need it? How does it operate? What would we lose if we don't protect it? * RSVP Authentication. Overview. Some details. * Notes and Conclusions. * Questions.

  3. What is RSVP? * Resource ReSerVation Protocol * RSVP is defined in RFC 2205. "The RSVP protocol is used by a host to request specific qualities of service from the network..." * It is an "Out of Band" signalling protocol. * RSVP messages travel only in one direction.

  4. An RSVP Conversation Video Server Router Router Router Client

  5. An RSVP Conversation Video Server Router Router Router Request Client

  6. An RSVP Conversation Video Server Router Router Request Router Guaranteed bandwidth. Client

  7. An RSVP Conversation Video Server Router Request Router Router Client

  8. An RSVP Conversation Video Server Router Router Router Client

  9. What is at risk? What do we stand to lose if RSVP is successfully attacked? * Network Resources. (Bandwidth, Real-time traffic, Reliability) * Service or Quality. (A denial of service attack on a competitor might make them lose customers)

  10. Authentication Overview * RSVP Authentication gives us message integrity and node authentication. * It leaves us with a choice of algorithms, although HMAC-MD5 is suggested. * Both the message, and the authentication information are not confidential. * If a message fails to authenticate, it will usually be ignored.

  11. INTEGRITY Object

  12. Sequence Number * Provides protection from replay attacks. * Can be any increasing value. eg. A counter, or maybe based on a realtime clock. * 64 bit number. May wrap. * The server should not accept out-of-order packets.

  13. Notes * RFC 2747 contains a lot of detail. * It is expected that a standard key management system will be used. * Receiver will ignore invalid messages, hoping that a correct one will be received before a timeout. * IPsec wasn't chosen because it has issues with firewalls.

  14. Conclusions * I think the subject of network resource allocation will become important over the next few years. * RSVP Authentication is protecting resources which are tempting for the amateur cracker to attack. * While RSVP Authentication seems sensible and secure, I believe there may still be a way to attack RSVP itself.

  15. Question 1 The RSVP Protocol will usually ignore packets that fail to authenticate correctly. * Could this be abused by someone who can alter packets "on the wire"?

  16. Question 2 I've included a summary of RSVP itself, whereas the main point of the presentation is supposed to be on a proposed authentication method for it. * When evaluating a security method, should you spend much time investigating its environment? * If so, how much?

More Related